Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/45fee7-6985-4abe-afab-0142fef672ec/1/f1Mto9GzcPc4M2Oix0yJMh6toWA.roa
File:                     f1Mto9GzcPc4M2Oix0yJMh6toWA.roa (raw, json)
Hash identifier:          84CvNJo6FYo7qJUGi59PScidN7rKl7gKNL3hWWKJ6Lw=
Subject key identifier:   7F:53:2D:A3:D1:B3:70:F7:38:33:63:A2:C7:4C:89:32:1E:AD:A1:60
Certificate issuer:       /CN=f5d6b1d90ed4bf1651aa2270e6ecbac2d87922ac
Certificate serial:       01990F71676DC62D596DBA42464358FD74A4
Authority key identifier: F5:D6:B1:D9:0E:D4:BF:16:51:AA:22:70:E6:EC:BA:C2:D8:79:22:AC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9dax2Q7UvxZRqiJw5uy6wth5Iqw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/45fee7-6985-4abe-afab-0142fef672ec/1/f1Mto9GzcPc4M2Oix0yJMh6toWA.roa
Signing time:             Wed 03 Sep 2025 11:58:34 +0000
ROA not before:           Wed 03 Sep 2025 11:58:34 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216041
IP address blocks:        2a0c:fc80::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/45fee7-6985-4abe-afab-0142fef672ec/1/9dax2Q7UvxZRqiJw5uy6wth5Iqw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/45fee7-6985-4abe-afab-0142fef672ec/1/9dax2Q7UvxZRqiJw5uy6wth5Iqw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9dax2Q7UvxZRqiJw5uy6wth5Iqw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 09 Sep 2025 01:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:0f:71:67:6d:c6:2d:59:6d:ba:42:46:43:58:fd:74:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f5d6b1d90ed4bf1651aa2270e6ecbac2d87922ac
        Validity
            Not Before: Sep  3 11:58:34 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7f532da3d1b370f7383363a2c74c89321eada160
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:a3:38:79:99:7c:ea:2e:9e:85:73:d4:39:78:
                    7a:89:8d:ca:ef:0c:ad:c7:5d:20:5f:b7:ca:8e:29:
                    51:ec:a6:4a:fa:58:3d:3a:dc:72:c8:fb:32:db:36:
                    36:2f:34:40:f6:64:9e:0f:a9:0c:97:ab:27:db:34:
                    8e:57:38:d9:6e:db:95:df:35:78:f0:a7:e6:ed:f3:
                    76:39:62:10:d4:e9:90:e0:bb:35:5f:52:29:49:a2:
                    55:23:a6:33:a3:5d:7c:50:d1:72:39:12:06:23:12:
                    98:b0:85:de:45:96:75:05:7c:7d:03:ba:e5:f0:7a:
                    ac:ae:37:18:45:c2:a5:df:1e:bc:00:ac:7c:34:10:
                    00:e7:be:41:46:5f:2c:ee:44:36:e8:74:56:1e:37:
                    d4:25:b9:5d:a5:c0:67:48:ef:25:0e:c7:10:ea:b2:
                    70:cd:55:ff:6f:59:c7:ec:bf:b0:f1:c7:a4:21:86:
                    8f:d8:a3:e2:3d:24:df:9c:ae:14:03:16:42:80:e6:
                    95:c4:5e:f8:2e:f8:6f:11:83:43:16:c0:e1:cb:6f:
                    7a:18:3a:f3:85:ca:1d:6d:1a:21:ee:a8:c8:26:c5:
                    d7:33:47:58:66:36:b1:26:71:83:3e:74:b6:0c:f2:
                    1f:58:1f:88:4a:d9:be:5f:3b:e0:09:02:2e:dd:32:
                    eb:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:53:2D:A3:D1:B3:70:F7:38:33:63:A2:C7:4C:89:32:1E:AD:A1:60
            X509v3 Authority Key Identifier:
                keyid:F5:D6:B1:D9:0E:D4:BF:16:51:AA:22:70:E6:EC:BA:C2:D8:79:22:AC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9dax2Q7UvxZRqiJw5uy6wth5Iqw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/45fee7-6985-4abe-afab-0142fef672ec/1/f1Mto9GzcPc4M2Oix0yJMh6toWA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/45fee7-6985-4abe-afab-0142fef672ec/1/9dax2Q7UvxZRqiJw5uy6wth5Iqw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:fc80::/29

    Signature Algorithm: sha256WithRSAEncryption
         87:ec:e7:46:a8:66:bf:bc:53:d5:a3:b2:16:fa:64:29:28:72:
         d1:7d:1c:07:fd:72:ee:08:21:ea:9a:43:6d:ee:f4:76:d9:c2:
         96:12:48:c4:f5:03:55:b3:48:25:8a:1c:b2:21:79:aa:f4:60:
         5c:83:68:49:ae:7b:58:ed:22:71:5b:f5:b6:ee:24:6d:8b:0e:
         94:24:3a:5f:35:33:eb:3f:01:a3:37:85:2c:e9:47:77:ea:4c:
         65:53:8d:64:43:c7:69:df:9c:6d:15:53:58:1a:e1:4c:5c:6c:
         d9:82:13:12:7b:dd:9d:f9:28:0b:58:71:7e:66:84:e6:ce:8c:
         d4:d7:6c:e6:c0:4c:dc:27:ef:b1:57:a4:a6:b8:ec:37:04:40:
         95:ad:f8:95:4d:00:37:5d:5f:37:6b:68:aa:e9:3f:6a:d3:99:
         6f:b7:9d:02:12:4c:33:57:5f:95:af:4d:0a:90:65:75:74:ce:
         04:e9:88:a5:d4:95:f0:22:f4:62:5e:83:60:b0:6a:17:9d:86:
         4e:28:2c:2c:a5:a7:ba:49:44:b6:0d:95:cf:21:49:93:ba:ab:
         4b:18:c5:7c:0b:6b:e2:cb:54:a0:eb:90:90:c6:2e:0a:ae:f8:
         c6:2a:7a:26:14:30:6d:fc:3e:59:ab:61:ec:1a:9a:98:9e:12:
         0d:79:a5:cf
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZkPcWdtxi1ZbbpCRkNY/XSkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1ZDZiMWQ5MGVkNGJmMTY1MWFhMjI3MGU2ZWNiYWMyZDg3
OTIyYWMwHhcNMjUwOTAzMTE1ODM0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZjUzMmRhM2QxYjM3MGY3MzgzMzYzYTJjNzRjODkzMjFlYWRhMTYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv6M4eZl86i6ehXPUOXh6iY3K7wyt
x10gX7fKjilR7KZK+lg9OtxyyPsy2zY2LzRA9mSeD6kMl6sn2zSOVzjZbtuV3zV4
8Kfm7fN2OWIQ1OmQ4Ls1X1IpSaJVI6Yzo118UNFyORIGIxKYsIXeRZZ1BXx9A7rl
8HqsrjcYRcKl3x68AKx8NBAA575BRl8s7kQ26HRWHjfUJbldpcBnSO8lDscQ6rJw
zVX/b1nH7L+w8cekIYaP2KPiPSTfnK4UAxZCgOaVxF74LvhvEYNDFsDhy296GDrz
hcodbRoh7qjIJsXXM0dYZjaxJnGDPnS2DPIfWB+IStm+XzvgCQIu3TLrhwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFH9TLaPRs3D3ODNjosdMiTIeraFgMB8GA1UdIwQY
MBaAFPXWsdkO1L8WUaoicObsusLYeSKsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOWRheDJRN1V2eFpScWlKdzV1eTZ3dGg1SXF3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS80NWZlZTctNjk4NS00YWJlLWFmYWIt
MDE0MmZlZjY3MmVjLzEvZjFNdG85R3pjUGM0TTJPaXgweUpNaDZ0b1dBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS80NWZlZTctNjk4NS00YWJlLWFmYWItMDE0MmZlZjY3MmVj
LzEvOWRheDJRN1V2eFpScWlKdzV1eTZ3dGg1SXF3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgz8gDAN
BgkqhkiG9w0BAQsFAAOCAQEAh+znRqhmv7xT1aOyFvpkKShy0X0cB/1y7ggh6ppD
be70dtnClhJIxPUDVbNIJYocsiF5qvRgXINoSa57WO0icVv1tu4kbYsOlCQ6XzUz
6z8BozeFLOlHd+pMZVONZEPHad+cbRVTWBrhTFxs2YITEnvdnfkoC1hxfmaE5s6M
1Nds5sBM3CfvsVekprjsNwRAla34lU0AN11fN2toquk/atOZb7edAhJMM1dfla9N
CpBldXTOBOmIpdSV8CL0Yl6DYLBqF52GTigsLKWnuklEtg2VzyFJk7qrSxjFfAtr
4stUoOuQkMYuCq74xip6JhQwbfw+Wath7BqamJ4SDXmlzw==
-----END CERTIFICATE-----